Hi Daan, We still couldn't sort out this issue with our client VM. We are still waiting for the community to direct us toward finding a solution.
Regards. On Fri, 19 Jan 2024, 17:31 Daan Hoogland, <daan.hoogl...@gmail.com> wrote: > Friborz, any progress? > not a gre expert but glad to see you get on with your problem. > > On Sat, Jan 6, 2024 at 10:39 PM Fariborz Navidan <mdvlinqu...@gmail.com> > wrote: > > > > Hi Dear Experts, > > > > We are running Cs 4.15.0.0 with 2 KVM hosts having security groups > enabled > > zone. We have a VM which a GRE tunnel has been setup between it and a > > server outside our network. Both hosts had been rebooted a few days ago > due > > to power interruption. Before the reboot happens, the GRE tunnel was > > working properly on the mentioned VM. However after the reboot, GRE > tunnel > > can be established but machines cannot reach each other via the tunnel's > > private IP address. All ports and protocols are already added to ingress > > rule set of security group which VM belongs to. > > > > Below is output of "ip a" and "ip r" commands on the VM running on our CS > > infrastructure. > > > > root@cdn-fr-1-kajgana-net:~# ip a > > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group > > default qlen 1000 > > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > > inet 127.0.0.1/8 scope host lo > > valid_lft forever preferred_lft forever > > inet6 ::1/128 scope host > > valid_lft forever preferred_lft forever > > 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast > state > > UP group default qlen 1000 > > link/ether 1e:00:85:00:02:4d brd ff:ff:ff:ff:ff:ff > > inet 164.132.223.34/28 brd 164.132.223.47 scope global ens3 > > valid_lft forever preferred_lft forever > > inet6 fe80::1c00:85ff:fe00:24d/64 scope link > > valid_lft forever preferred_lft forever > > 3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen > 1000 > > link/gre 0.0.0.0 brd 0.0.0.0 > > 4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN > group > > default qlen 1000 > > link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff > > 5: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN > group > > default qlen 1000 > > link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff > > 6: gre1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue > state > > UNKNOWN group default qlen 1000 > > link/gre 164.132.223.34 peer 89.205.123.34 > > inet 192.168.169.1/30 scope global gre1 > > valid_lft forever preferred_lft forever > > inet6 fe80::200:5efe:a484:df22/64 scope link > > valid_lft forever preferred_lft forever > > > > root@cdn-fr-1-kajgana-net:~# ip r > > default via 164.132.223.46 dev ens3 > > 164.132.223.32/28 dev ens3 proto kernel scope link src 164.132.223.34 > > 192.168.169.0/30 dev gre1 proto kernel scope link src 192.168.169.1 > > > > IP address of tunnel's other endpoint is 192.168.169.2 which is > unreachable > > from the VM. It looks like GRE tunnel has been established but traffic > > cannot be p[assed through. > > > > Is there something we need to do with iptables rules on the hosts to > allow > > GRE traffic or is there anything else we can do to address this issue? > > > > Thanks in advance. > > Regards. > > > > -- > Daan >
